2011 CVE Vulnerabilities
4,898 CVEs published in 2011.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2011-4642 | — | — | 28.9% | Jan 3, 2012 | mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python... |
| CVE-2011-3669 | — | — | 0.9% | Jan 2, 2012 | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows rem... |
| CVE-2011-3668 | — | — | 0.9% | Jan 2, 2012 | Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remot... |
| CVE-2011-3667 | — | — | 1.1% | Jan 2, 2012 | The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3... |
| CVE-2011-3657 | — | — | 1.0% | Jan 2, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7,... |
| CVE-2011-4620 | — | — | 12.8% | Dec 31, 2011 | Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products,... |
| CVE-2011-4617 | — | — | 0.3% | Dec 31, 2011 | virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain... |
| CVE-2011-1710 | — | — | 3.6% | Dec 31, 2011 | Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a deni... |
| CVE-2011-5046 | — | — | 45.5% | Dec 30, 2011 | The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Window... |
| CVE-2011-5045 | — | — | 1.6% | Dec 30, 2011 | Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inje... |
| CVE-2011-5044 | — | — | 1.1% | Dec 30, 2011 | SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute ... |
| CVE-2011-5043 | — | — | 2.1% | Dec 30, 2011 | TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long strin... |
| CVE-2011-5042 | — | — | 1.1% | Dec 30, 2011 | Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitr... |
| CVE-2011-5041 | — | — | 1.6% | Dec 30, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary we... |
| CVE-2011-5040 | — | — | 3.2% | Dec 30, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitra... |
| CVE-2011-5039 | — | — | 1.1% | Dec 30, 2011 | Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL comma... |
| CVE-2011-5038 | — | — | 1.2% | Dec 30, 2011 | SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitra... |
| CVE-2011-5037 | — | — | 1.5% | Dec 30, 2011 | Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictabl... |
| CVE-2011-5036 | — | — | 4.0% | Dec 30, 2011 | Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricti... |
| CVE-2011-5035 | — | — | 68.9% | Dec 30, 2011 | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 a... |
| CVE-2011-5034 | — | — | 81.2% | Dec 30, 2011 | Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger ha... |
| CVE-2011-4885 | — | — | 83.9% | Dec 30, 2011 | PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions pre... |
| CVE-2011-4838 | — | — | 4.4% | Dec 30, 2011 | JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which ... |
| CVE-2011-4815 | — | — | 4.2% | Dec 30, 2011 | Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predi... |
| CVE-2011-4462 | — | — | 2.2% | Dec 30, 2011 | Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisi... |